KUALA LUMPUR: An alarm has been raised over Malaysia's cyber security viability following the alleged sale of millions of personal details of Malaysians.
A social media user identified as "Cyber Guardian" via a Twitter handle @Radz1112 claimed that there is an Open Systems Intelligence (OSINT) tool enabling accessibility to the people's personal data by unscrupulous quarters.
The Twitter user claimed that using the tool, one could verify data of a person including if he or she is working with the police or military among others.
"There's an OSINT tool already out in the 'clearnet' (publicly accessible Internet) that is using the leaked National Registration Department database.
"All you need is someone's name and maybe birth year, and you can verify that they're working for the Malaysian police and/or military," the posting said.
The series of Tweets was also accompanied by screenshots of the alleged search made using the tool.
The user also claimed that information related to the MySejahtera application could also be retrieved using the tool but one has to pay to get the information.
"What is concerning is that MySejahtera information is also there, but (one has) to pay (to get the information)," the user claimed.
The claims made by the user caught the attention of DAP Social Media Bureau chairman Syahredzan Johan.
"Yes, there is a site, accessible from a Google search, that will allow anyone to search a Malaysian by their name, IC (identification card number), and/or date of birth.
"If you search a person by name, their anggota ID (identification) number will show up," the same user said in a Twitter exchange with Syahredzan.
The user also claimed that he had been lot of personal message on his Twitter requesting for the website.
"No, I am not going to share it. Somebody could be using it to harm somebody else. This is way too much power anybody should be having," the user said.
Considering such claims, the user also urged Malaysians to remove their real name, any indications of their birthday, delete any pictures of their license plate and the state they were born on their social media account.
"We cannot and should not stop advocating for better national cyber security.
"Just because we are 'doxxable' (vulnerable to cyber attack that reveals one true identity) from being born before 2004, does not mean our kids (children) should have to suffer the same," said the user.
Syahredzan urged the authorities to take this matter seriously since the information is in the open already.
"I checked the site, and while detailed data requires registration and payment (which I do not want to do), the personal data seems to be there.
"For e.g (example), you just need to search the name of a person and the IC number (redacted) is there.
"It is very worrying," he said.